We are using git / github, and we have to be able to proof that a specific commit / tag was done before a specific time, we want to use Trusted Timestamp for this, as they seem to be the easiest way of achieving this.
Another option would be a DOI, but the repo is private (embargoed due to usage in internal projects) and will only be public at a later stage, but the timestamp should be for the time of the initial commit / tag.
As I understand it, the timestamp is generated based on the files and a hash is created, which can be verified later and proves that it was created at a certain date and time.
But I am struggling on how I can use these in git / github?
Do I create the Trusted Timestamp of the hash created by git and include it in a tag, i.e. request the Trusted Timestamp after the commit which I want to stamp?
Do I add the timestamp as file to the commit, i.e. request it before the commit? But what do I use to create Trusted Timestamp for?
I am using now OriginStamp which integrates nicely with github as described here in general and at this site specifically for github.
If I understand it correctly, it gives a Trusted Timestamp based on the generated hash from git and deposits it in the bitcoin blockchain.